
Commit 5b54470d authored by Dan Carpenter, committed by Al Viro

fcntl: return -EFAULT if copy_to_user fails



copy_to_user() returns the number of bytes remaining, but we want to
return -EFAULT.
	ret = fcntl(fd, F_SETOWN_EX, NULL);
With the original code ret would be 8 here.

V2: Takuya Yoshikawa pointed out a similar issue in f_getown_ex()

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent 7d683a09
+5 −2
@@ -274,7 +274,7 @@ static int f_setown_ex(struct file *filp, unsigned long arg)


	ret = copy_from_user(&owner, owner_p, sizeof(owner));
	ret = copy_from_user(&owner, owner_p, sizeof(owner));
	if (ret)
	if (ret)
		return ret;
		return -EFAULT;


	switch (owner.type) {
	switch (owner.type) {
	case F_OWNER_TID:
	case F_OWNER_TID:
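Review bot: the subject line and changelog talk about copy_to_user(), but the call fixed in f_setown_ex() is copy_from_user(); the changelog should name both helpers so the F_SETOWN_EX example in the message matches the code it refers to. As a style point, the value stored in `ret` at this spot is now only tested for non-zero, so the assignment can be folded into the condition: `if (copy_from_user(&owner, owner_p, sizeof(owner))) return -EFAULT;`. That keeps the leftover byte count out of a variable that is otherwise used for error codes.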
@@ -332,8 +332,11 @@ static int f_getown_ex(struct file *filp, unsigned long arg)
	}
	}
	read_unlock(&filp->f_owner.lock);
	read_unlock(&filp->f_owner.lock);


	if (!ret)
	if (!ret) {
		ret = copy_to_user(owner_p, &owner, sizeof(owner));
		ret = copy_to_user(owner_p, &owner, sizeof(owner));
		if (ret)
			ret = -EFAULT;
	}
	return ret;
	return ret;
}
}
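Review bot: in f_getown_ex() `ret` still briefly holds the positive leftover byte count from copy_to_user() before the nested `if (ret)` overwrites it, which is the same pattern that caused the original bug if someone later adds a return between the two lines. A single condition avoids the intermediate state and the extra braces: `if (!ret && copy_to_user(owner_p, &owner, sizeof(owner))) ret = -EFAULT;`. The behaviour is unchanged, and an earlier error in `ret` is still returned as is.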